17.05 - Dictionary Storage of CONNECT THROUGH Metadata - Teradata Database

Teradata Vantageā„¢ - SQL Data Control Language

prodname
Advanced SQL Engine
Teradata Database
vrm_release
17.00
17.05
created_date
June 2020
category
Programming Reference
featnum
B035-1149-170K

The dictionary table DBC.ConnectRulesTbl contains information on which proxy users can connect through which trusted users and what roles are available to make proxy connections. The table contains one row for every trusted_user_name:proxy_user_name combination.

When the system processes a GRANT CONNECT THROUGH request, it writes a row to DBC.ConnectRulesTbl for each of the following pairs that you specify:

  • Trusted user name:permanent user name
  • Trusted user name:application user name

The row persists until either you drop the trusted user or the permanent user.

When you grant WITH TRUST_ONLY to a trusted user, Teradata Database adds a row to DBC.ConnectRulesTbl that contains the following information:

  • TrustUserId
  • ProxyUser=space_characters
  • TrustOnly=Y

Teradata Database also updates all rows in DBC.ConnectRulesTbl with the value for TrustUserId=specified_TrustUserID to set TrustOnly=Y.

When you revoke WITH TRUST_ONLY from a trusted user, Teradata Database updates all rows in DBC.ConnectRulesTbl where TrustUserId=specified_TrustUserID to set TrustOnly=N.

To provide an audit trail for the management of the rules, Teradata Database retains the row if the privilege is revoked, but does not drop the user.

The following list indicates the values for DBC.ConnectRulesTbl.GrantStatus when the TRUST_ONLY privilege is granted to a trusted user or not:

  • If DBC.ConnectRulesTbl.GrantStatus is set to G, then the TRUST_ONLY privilege is granted to trusted_user .
  • If DBC.ConnectRulesTbl.GrantStatus is set to R, then TRUST_ONLY privilege is revoked from trusted_user .